NEXUS Log Analyzer
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly a disclosed remote log-analysis API, but it can trigger paid per-request blockchain/payment flows without clear approval or spending controls.
Install only if you trust the NEXUS hosted service and intentionally want a paid remote log-analysis workflow. Use sandbox mode first, redact sensitive logs, protect the NEXUS_PAYMENT_PROOF value, and require explicit approval or a spending cap before any real paid request.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent follows these instructions automatically, log-analysis tasks could incur real per-request charges or trigger blockchain payment flows.
The skill’s own workflow includes making a paid request/payment as part of using the analyzer, but it does not specify user confirmation, spending limits, retry limits, or sandbox-only defaults before payment.
Price: $0.25/request ... Send payment to the `payTo` address ... Retry with `X-PAYMENT: <base64url JSON ...>` header.
Only use this with explicit per-request approval or a configured budget cap, and prefer `sandbox_test` until you intentionally enable paid requests.
Anyone or any agent with access to this environment variable may be able to use the paid NEXUS service under your payment proof.
The skill requires a payment proof credential and sends it as an API header. This is expected for the paid service, but it is still sensitive account/payment authority.
requires:\n env: [NEXUS_PAYMENT_PROOF] ... `X-Payment-Proof: <masumi_payment_id>`
Store the payment proof securely, scope it if possible, rotate it if exposed, and avoid sharing it with unrelated skills or agents.
Sensitive information present in logs may be transmitted to the NEXUS service and processed by server-side AI models.
The skill clearly discloses that user-supplied log content is sent to an external hosted AI service. That is purpose-aligned, but logs can contain secrets, tokens, IPs, or customer data.
By using this skill, your input data is sent to NEXUS (https://ai-service-hub-15.emergent.host) for AI processing.
Review or redact logs before use, especially production logs containing credentials, personal data, customer data, or internal infrastructure details.
It may be harder to verify who maintains the service, what changed between versions, or where to review authoritative documentation.
The registry metadata provides limited provenance for a skill that depends on a remote paid service, and the registry version differs from the SKILL.md frontmatter version 2.0.0.
Source: unknown; Homepage: none; Version: 1.1.0
Verify the provider and endpoint out-of-band before enabling paid use, and treat version/provenance mismatches as a reason to review carefully.